NIS+ through NAT firewall

Bob Edwards Robert.Edwards at anu.edu.au
Tue Jan 14 10:04:03 EST 2003


I knew I should have kept better documentation when we tried this experiment 
several years ago on one of our systems. We ended up using LDAP, which works 
fine through a NAT firewall.

From memory, we had to give the NAT firewall machine a pseudo credential on 
the NIS+ server, and then use this same credential for all the clients sitting 
behind the NAT firewall - i.e. they all had the same credential, which may not 
be an optimal situation for you.

As for the sequence of NIS+ packets between the client and server, why don't 
you fire up tcpdump on the client and just watch them directly? Basically, all 
NIS+ traffic is occurring over TCP connections and always starts from the 
client, so if your NAT firewall allows any TCP connection through that is 
originated from the inside (a usual scenario), then it should work, if you get 
the credential correct.

Cheers,

Bob Edwards.

Ravi Kiran wrote:
> hello Gurus,
> 
> Has anybody successfully implemented NIS+ across a NAT 
> firewall? I have a setup where clients (redhat linux 7.3) are behind a 
> NAT linux firewall (uses iptables) and the server is on the other side of 
> the firewall (solaris server). When I type niscat passwd.org_dir I get a 
> NIS+ server unreachable.
> 
> Can anybody tell me clearly what transactions happen from the start and 
> on what ports, in order, so that I can figure out what ports and 
> protocols I have to allow through the NAT firewall.
> 
> Thanking you guys in anticipation,
> 
> ravi




